Class: FindingObject (DEPRECATED)
The Finding object describes metadata related to a security finding generated
by a security tool or system.
URI: ocsf:FindingObject
classDiagram
class FindingObject
click FindingObject href "../FindingObject/"
Object <|-- FindingObject
click Object href "../Object/"
FindingObject : created_time
FindingObject : desc
FindingObject : first_seen_time
FindingObject : last_seen_time
FindingObject : modified_time
FindingObject : product
FindingObject --> "0..1" Product : product
click Product href "../Product/"
FindingObject : product_uid
FindingObject : related_events
FindingObject --> "*" RelatedEvent : related_events
click RelatedEvent href "../RelatedEvent/"
FindingObject : remediation
FindingObject --> "0..1" Remediation : remediation
click Remediation href "../Remediation/"
FindingObject : src_url
FindingObject : supporting_data
FindingObject : title
FindingObject : types
FindingObject : uid
Inheritance
- OcsfObject
- Object
- FindingObject
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| created_time | 0..1 TimestampT |
The time when the finding was created | direct |
| desc | 0..1 String |
The description of the reported finding | direct |
| first_seen_time | 0..1 TimestampT |
The time when the finding was first observed | direct |
| last_seen_time | 0..1 TimestampT |
The time when the finding was most recently observed | direct |
| modified_time | 0..1 TimestampT |
The time when the finding was last modified | direct |
| product | 0..1 Product |
Details about the product that reported the finding | direct |
| product_uid | 0..1 String |
The unique identifier of the product that reported the finding | direct |
| related_events | * RelatedEvent |
Describes events and/or other findings related to the finding as identified b... | direct |
| remediation | 0..1 Remediation |
Describes the recommended remediation steps to address identified issue(s) | direct |
| src_url | 0..1 UrlT |
The URL pointing to the source of the finding | direct |
| supporting_data | 0..1 String |
Additional data supporting a finding as provided by security tool | direct |
| title | 1 String |
A title or a brief phrase summarizing the reported finding | direct |
| types | * String |
One or more types of the reported finding | direct |
| uid | 1 String |
The unique identifier of the reported finding | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| SecurityFinding | finding | range | FindingObject |
In Subsets
Aliases
- Finding
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:FindingObject |
| native | ocsf:FindingObject |
LinkML Source
Direct
name: FindingObject
description: 'The Finding object describes metadata related to a security finding
generated
by a security tool or system.'
deprecated: Use the new <code>finding_info</code> object. (since 1.0.0)
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Finding
is_a: Object
slots:
- created_time
- desc
- first_seen_time
- last_seen_time
- modified_time
- product
- product_uid
- related_events
- remediation
- src_url
- supporting_data
- title
- types
- uid
slot_usage:
created_time:
name: created_time
description: The time when the finding was created.
desc:
name: desc
description: The description of the reported finding.
first_seen_time:
name: first_seen_time
description: The time when the finding was first observed.
last_seen_time:
name: last_seen_time
description: The time when the finding was most recently observed.
modified_time:
name: modified_time
description: The time when the finding was last modified.
product:
name: product
description: Details about the product that reported the finding.
product_uid:
name: product_uid
description: The unique identifier of the product that reported the finding.
src_url:
name: src_url
description: The URL pointing to the source of the finding.
title:
name: title
description: A title or a brief phrase summarizing the reported finding.
required: true
types:
name: types
description: One or more types of the reported finding.
uid:
name: uid
description: The unique identifier of the reported finding.
required: true
Induced
name: FindingObject
description: 'The Finding object describes metadata related to a security finding
generated
by a security tool or system.'
deprecated: Use the new <code>finding_info</code> object. (since 1.0.0)
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Finding
is_a: Object
slot_usage:
created_time:
name: created_time
description: The time when the finding was created.
desc:
name: desc
description: The description of the reported finding.
first_seen_time:
name: first_seen_time
description: The time when the finding was first observed.
last_seen_time:
name: last_seen_time
description: The time when the finding was most recently observed.
modified_time:
name: modified_time
description: The time when the finding was last modified.
product:
name: product
description: Details about the product that reported the finding.
product_uid:
name: product_uid
description: The unique identifier of the product that reported the finding.
src_url:
name: src_url
description: The URL pointing to the source of the finding.
title:
name: title
description: A title or a brief phrase summarizing the reported finding.
required: true
types:
name: types
description: One or more types of the reported finding.
uid:
name: uid
description: The unique identifier of the reported finding.
required: true
attributes:
created_time:
name: created_time
description: The time when the finding was created.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Created Time
rank: 1000
alias: created_time
owner: FindingObject
domain_of:
- Osint
- RelatedEvent
- Sbom
- Scim
- Session
- Sso
- Token
- Whois
- Resource
- Advisory
- AuthenticationToken
- Certificate
- Cve
- Database
- Databucket
- DigitalSignature
- Enrichment
- Epss
- File
- FindingObject
- FindingInfo
- Job
- KbArticle
- LdapPerson
- ProcessEntity
- Table
- Device
range: TimestampT
desc:
name: desc
description: The description of the reported finding.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Description
rank: 1000
alias: desc
owner: FindingObject
domain_of:
- Osint
- RelatedEvent
- Remediation
- Vulnerability
- Advisory
- Analytic
- ApplicationObject
- Assessment
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- Compliance
- Cve
- Database
- Databucket
- Enrichment
- File
- FindingObject
- FindingInfo
- Graph
- Group
- Job
- Location
- Node
- Policy
- Rule
- Table
- WebResource
- Device
- IncidentFinding
range: string
first_seen_time:
name: first_seen_time
description: The time when the finding was first observed.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- First Seen
rank: 1000
alias: first_seen_time
owner: FindingObject
domain_of:
- RelatedEvent
- Vulnerability
- FindingObject
- FindingInfo
- IdentityActivityMetrics
- Device
range: TimestampT
last_seen_time:
name: last_seen_time
description: The time when the finding was most recently observed.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Last Seen
rank: 1000
alias: last_seen_time
owner: FindingObject
domain_of:
- RelatedEvent
- Vulnerability
- Whois
- FindingObject
- FindingInfo
- IdentityActivityMetrics
- Device
range: TimestampT
modified_time:
name: modified_time
description: The time when the finding was last modified.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Modified Time
rank: 1000
alias: modified_time
owner: FindingObject
domain_of:
- Osint
- RelatedEvent
- Scim
- Sso
- Token
- Resource
- Advisory
- Cve
- Database
- Databucket
- File
- FindingObject
- FindingInfo
- LdapPerson
- Metadata
- Table
- Device
- RegKey
- RegValue
range: TimestampT
product:
name: product
description: Details about the product that reported the finding.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Product
rank: 1000
alias: product
owner: FindingObject
domain_of:
- RelatedEvent
- Sbom
- Advisory
- Cve
- File
- FindingObject
- FindingInfo
- KbArticle
- Logger
- Metadata
- TransformationInfo
- SoftwareInfo
range: Product
product_uid:
name: product_uid
description: The unique identifier of the product that reported the finding.
deprecated: 'Use the <code>uid</code> attribute in the <code>product</code> object
instead.
See specific usage. (since 1.4.0)'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Product Identifier
rank: 1000
alias: product_uid
owner: FindingObject
domain_of:
- RelatedEvent
- FindingObject
- FindingInfo
range: string
related_events:
name: related_events
description: 'Describes events and/or other findings related to the finding as
identified by
the security product. Note that these events may or may not be in OCSF.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Related Events/Findings
rank: 1000
alias: related_events
owner: FindingObject
domain_of:
- FindingObject
- FindingInfo
range: RelatedEvent
multivalued: true
remediation:
name: remediation
description: Describes the recommended remediation steps to address identified
issue(s).
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Remediation Guidance
rank: 1000
alias: remediation
owner: FindingObject
domain_of:
- Vulnerability
- AffectedCode
- AffectedPackage
- CisBenchmarkResult
- FindingObject
- ApplicationSecurityPostureFinding
- ComplianceFinding
- DetectionFinding
- IamAnalysisFinding
- RemediationActivity
range: Remediation
src_url:
name: src_url
description: The URL pointing to the source of the finding.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Source URL
rank: 1000
alias: src_url
owner: FindingObject
domain_of:
- Osint
- Package
- Ticket
- Advisory
- Cvss
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Enrichment
- FindingObject
- FindingInfo
- KbArticle
- Mitigation
- SubTechnique
- Tactic
- Technique
- IncidentProfile
- IncidentFinding
range: UrlT
supporting_data:
name: supporting_data
description: Additional data supporting a finding as provided by security tool
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Supporting Data
rank: 1000
alias: supporting_data
owner: FindingObject
domain_of:
- FindingObject
range: string
title:
name: title
description: A title or a brief phrase summarizing the reported finding.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Title
rank: 1000
alias: title
owner: FindingObject
domain_of:
- RelatedEvent
- Ticket
- Vulnerability
- Advisory
- Cve
- FindingObject
- FindingInfo
- KbArticle
range: string
required: true
types:
name: types
description: One or more types of the reported finding.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Types
rank: 1000
alias: types
owner: FindingObject
domain_of:
- FindingObject
- FindingInfo
range: string
multivalued: true
uid:
name: uid
description: The unique identifier of the reported finding.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: FindingObject
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
required: true